STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020: STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:SV-18893r2_rule
V-17719
RTS-VTC 5020
RTS-VTC 5020.00
CAT II
10
Implement access control measures for all conferences hosted on a centralized MCU appliance as follows:
- Only authorized endpoints are permitted to access an MCU
- Only authorized users are permitted to access/join a conference. Authorization is pre-configured on the MCU access control system and is based on validated need-to-know as well as security clearance if applicable.
Note: this applies to standing, scheduled one-time, and non-scheduled ad hoc conferences.
Review site documentation to confirm control measures are implemented for all conferences hosted on a centralized MCU appliance as follows:
- Only authorized endpoints are permitted to access an MCU
- Only authorized users are permitted to access/join a conference. Authorization is pre-configured on the MCU access control system and is based on validated need-to-know as well as security clearance if applicable.
If access control measures are not implemented for all conferences hosted on a centralized MCU appliance, this is a finding.
V-17719
False
RTS-VTC 5020.00
Review site documentation to confirm control measures are implemented for all conferences hosted on a centralized MCU appliance as follows:
- Only authorized endpoints are permitted to access an MCU
- Only authorized users are permitted to access/join a conference. Authorization is pre-configured on the MCU access control system and is based on validated need-to-know as well as security clearance if applicable.
If access control measures are not implemented for all conferences hosted on a centralized MCU appliance, this is a finding.
M
Other
1418